From 9e61809699d5c07888d6b6ed70a7396ee54cc85f Mon Sep 17 00:00:00 2001
From: Julien M <julien.moura@oslandia.com>
Date: Thu, 18 Jan 2024 09:53:32 +0100
Subject: [PATCH] docs: add how to customize CA bundle to use

---
 docs/guides/howto_behind_proxy.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/docs/guides/howto_behind_proxy.md b/docs/guides/howto_behind_proxy.md
index 2c02a412..19c70fe9 100644
--- a/docs/guides/howto_behind_proxy.md
+++ b/docs/guides/howto_behind_proxy.md
@@ -4,6 +4,8 @@
 Only HTTP and HTTPS proxies are supported. No socks, no PAC.
 :::
 
+> See [Requests official documentation](https://docs.python-requests.org/en/latest/user/advanced/#proxies)
+
 ## Passing as CLI option
 
 - the proxy configuration is scoped to the QDT execution.
@@ -40,3 +42,30 @@ At the shell session scope:
 > $env:QDT_PROXY_HTTP='http://user:password@proxyserver.intra:8765'
 > qdt -vvv
 ```
+
+----
+
+## Defining custom SSL client certificates
+
+Using a proxy for https connections typically requires the local machine to trust the proxy’s root certificate.
+
+> See [Requests official documentation](https://docs.python-requests.org/en/latest/user/advanced/#ca-certificates)
+
+### Using `REQUESTS_CA_BUNDLE` or `CURL_CA_BUNDLE`
+
+Point to a certificat bundle file path (*.pem).
+
+#### Example on Windows PowerShell
+
+Only for the QDT command scope:
+
+```powershell
+$env:REQUESTS_CA_BUNDLE="$env:USERPROFILE\cacerts.pem"; qdt -vvv
+```
+
+At the shell session scope:
+
+```powershell
+> $env:REQUESTS_CA_BUNDLE="$env:USERPROFILE\cacerts.pem"
+> qdt -vvv
+```